Posted
I think Brivium has always had call home code in their addons, in the beginning it was just for license validation (allegedly), and then I think it started capturing more information.

I thought he had stripped that out right before the big XF "kick-off" happened.

Posted

I vaguely remember something like that too, but I think they still did license validation.

 

IIRC, I think they were capturing the entire User or Visitor object and sending that back, and they eventually took that out.

 

I'll have to go see if those threads exist to jog my memory.

"I wonder if wife Susie knows about the vile crap he posts on his site and how it fits in with her "youth ministry"?" - Dr. Howard Rosenzweig, former owner of TheAdminZone
Posted

It looks like AdminExtra was "acqhired" by TAZ on or around 7/18/2013:

 


Admin Extra Under New Management...

 

Howie explains that the sites will stay separate on 12/22/2013, and was encouraging people to post on it as part of a promotion to get "double premium membership"!


Double Premium Membership for posting on Admin Extra

 

Redirects from AdminExtra to TAZ were set up sometime around 6/6/2014?

AdminExtra - Link back to TAZ

 

Morganna states that AdminExtra was merged into TAZ around June(ish) 2014. LeadCrow states that AnotherAdminForum (Shawn Gossman's) was merged November 2014.

Posted

The old vB3 (or vB4?) version of TAZ may be installed here.

https://theadminzone.com/old_sites/theadminzone/

 

I suspect that it's the vB3 version because this file (that exists on vB3 and maybe vB4?) throws an error:

https://theadminzone.com/old_sites/theadminzone/forums/sendmessage.php

 

And there's a forbidden message when accessing the admincp folder.

https://theadminzone.com/old_sites/theadminzone/forums/admincp/

 

Looks like MattW took care of that installation though, and cleaned it up the best he could.

 

Who knows how many vulnerabilities still exist in that version, just laying around? Are other installations located in that directory?

Posted

After being hacked twice, why would Howard keep those things on his server? No one could be that incompetent.

 

Someone should thank Adam H. If it wasn't for Adam H, the old forum installations could have remained on Howard's server until who knows when.

Posted
Where is the TAZ Hacker to explain all of this for us? For some reason, I trust his opinion more than Howie's explanations.
Posted
This isn't a vulnerability in a script per se that needed to be stepped around carefully, it is yet another neglect in operations.

 

Adam's time on TAZ is coming to an end. Someone please tell him that he is welcome on my forum :) .

Posted

Looks like Howie found a way to get the old Brivium branded AdminExtra, and vB3 TheAdminZone.com sites removed:

https://theadminzone.com/old_sites/adminextra/

https://theadminzone.com/old_sites/theadminzone/

 

No explanation about them yet, nor if there was any coincidence that TAZ was having server problems yesterday and today.

 

There goes a lot of indexed Google page hits.

Posted
It looks like Howard got away with not needing to give an explanation about all of this on TAZ. Not saying a word works better than denying you f'd up.
Posted
It looks like Howard got away with not needing to give an explanation about all of this on TAZ. Not saying a word works better than denying you f'd up.

I've said it again and again, that's precisely how a commercial establishment behaves. If it's to the detriment of the establishment then there is no need to address anything. A big company like Internet Brands also did the exact same thing. In fact, we can even ask @Mark.B for confirmation.

Posted
vulvacom and adminammo (not to be confused with adminflipflop) will behave the same way as well once they are fully professional.
Posted
vulvacom and adminammo (not to be confused with adminflipflop) will behave the same way as well once they are fully professional.

Admin-Hub will never be like TAZ.

  • 2 weeks later...
Posted

The old directory on TAZ was throwing a database error for a long time. I wonder if that had any vulnerabilities in it?

 

http://directory.theadminzone.com/

 

I think it was showing the server path where it was installed too, so that wasn't a smart thing.

Posted
The old directory on TAZ was throwing a database error for a long time. I wonder if that had any vulnerabilities in it?

I keep forgetting about that directory. It makes me wonder how many other things are still on the server; Howard doesn't seem to like removing anything.

Posted
"What if I break something, and I look like a fool?"
Posted

Whoops. TheAdminZone.net. I think that was a test site at one time.

 

Better give that one a look over too.

 

Time for another password reset?

Posted

It's not a crime to not know how to work at the CLI of a server. I've seen too many people (me included when I was first learning) that screwed the pooch on one. That's why I try to always recommend that a person at least install their Linux flavor in a VM on their PC and play around in it and get comfortable before delving into the real world.

There should be a checklist when an import/conversion is done - and one of the last things on the list is removing access to the old site that was imported (I'm pretty sure most people will move the old structure to a new server if they are setting it up because it's easier to import that way than from a remote connection to another server).

The issue is, if you are going to have someone else do it, it's not hard to look and see if there are extra directories out in the web root that are not "normal" and they should be moved or permissions set so that the HTTP server cannot access them.

If you are going to keep a site online for any reason, put it in a sub domain and then password protect that one. It's easy enough to see if you just compare the directory structure in the script archive to what is present on the server, then ask questions of whomever did the import/conversion.
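
The comparison described in the post above (script archive versus what is actually in the web root), as an added example that is not part of the original thread. The function name, the sample layout and all paths are constructed for illustration; point the two arguments at a real web root and an extracted copy of the script's distribution archive.

```shell
#!/bin/sh
# Added example: list top-level entries in a web root that do not exist in
# the extracted distribution archive of the forum script. Anything printed
# is a candidate to move out of the web root or to block at the HTTP server.

# extra_entries WEBROOT REFERENCE
# Prints names present in WEBROOT but absent from REFERENCE, one per line.
extra_entries() {
    webroot=$1
    reference=$2
    # Second glob picks up dot-directories, which are easy to overlook.
    for path in "$webroot"/* "$webroot"/.[!.]*; do
        [ -e "$path" ] || continue        # glob matched nothing
        name=${path##*/}
        [ -e "$reference/$name" ] || printf '%s\n' "$name"
    done | LC_ALL=C sort
}

# build_demo DIR: constructed sample layout, not a real installation.
build_demo() {
    demo=$1
    mkdir -p "$demo/archive/admincp" "$demo/archive/includes" \
             "$demo/webroot/admincp" "$demo/webroot/includes" \
             "$demo/webroot/old_sites/theadminzone" "$demo/webroot/.backup"
    : > "$demo/archive/index.php"
    : > "$demo/webroot/index.php"
}

# run_demo: build the sample, run the comparison, clean up.
run_demo() {
    tmp=$(mktemp -d)
    build_demo "$tmp"
    extra_entries "$tmp/webroot" "$tmp/archive"
    rm -rf "$tmp"
}

run_demo
```

Legitimate additions such as upload or add-on directories will also show up, so the output is a list of questions to ask whoever did the import, not a delete list.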
